feat(scripts): add standalone ANOLISA adapter entry

[kongche-jbw]

Description

This PR adds a standalone OpenClaw adapter entry for ANOLISA:

scripts/anolisa-for-openclaw

The goal is to provide a separate one-click OpenClaw integration path without
coupling it to the project build/install workflow.

This script is an adapter orchestrator only. It does not build source code and
does not duplicate component-private logic. Instead, it discovers and invokes
per-component adapter scripts through a shared environment contract.

Included components:

• os-skills
• ws-ckpt
• sec-core
• tokenless

agentsight is recognized but intentionally not included in the recommended
OpenClaw adapter set because it does not currently provide an OpenClaw adapter.

Key behavior:

• Supports install and uninstall actions.
• Supports --mode recommended and explicit --component.
• Supports --status and --dry-run.
• Discovers adapters from built target output, user install paths, system
  install paths, or source tree fallback.
• Calls component-owned adapter scripts:
  openclaw/scripts/install.sh and openclaw/scripts/uninstall.sh.

This PR is intentionally separated from the build workflow PR so reviewers can
evaluate the OpenClaw delivery scenario independently.

Related Issue

no-issue

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring (no functional change)
• Performance improvement
• CI/CD or build changes

Scope

• cosh (copilot-shell)
• sec-core (agent-sec-core)
• skill (os-skills)
• sight (agentsight)
• tokenless (tokenless)
• Multiple / Project-wide

Checklist

• I have read the Contributing Guide
• My code follows the project's code style
• I have added tests that prove my fix is effective or that my feature works
• I have updated the documentation accordingly
• For cosh: Lint passes, type check passes, and tests pass
• For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
• For sec-core (Python): Ruff format and pytest pass
• For skill: Skill directory structure is valid and shell scripts pass syntax check
• For sight: cargo clippy -- -D warnings and cargo fmt --check pass
• For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
• Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Local checks:

bash -n scripts/anolisa-for-openclaw
bash -n src/agent-sec-core/adapters/openclaw/scripts/install.sh
bash -n src/agent-sec-core/adapters/openclaw/scripts/uninstall.sh
bash -n src/os-skills/adapters/openclaw/scripts/install.sh
bash -n src/os-skills/adapters/openclaw/scripts/uninstall.sh
bash -n src/ws-ckpt/adapters/openclaw/scripts/install.sh
bash -n src/ws-ckpt/adapters/openclaw/scripts/uninstall.sh
bash -n src/tokenless/adapters/tokenless/openclaw/scripts/install.sh
bash -n src/tokenless/adapters/tokenless/openclaw/scripts/uninstall.sh

Dry-run checks:

./scripts/anolisa-for-openclaw --help
./scripts/anolisa-for-openclaw --status
./scripts/anolisa-for-openclaw --dry-run --mode recommended
./scripts/anolisa-for-openclaw --dry-run --component sec-core
./scripts/anolisa-for-openclaw --dry-run --uninstall --component tokenless

Expected OpenClaw state after install:

~/.openclaw/skills/ws-ckpt/SKILL.md
~/.openclaw/skills/code-scanner/SKILL.md
~/.openclaw/skills/prompt-scanner/SKILL.md
~/.openclaw/skills/skill-ledger/SKILL.md

Expected OpenClaw plugins:

tokenless-openclaw
agent-sec

Additional Notes

Review focus:

• Whether scripts/anolisa-for-openclaw is clearly decoupled from
  scripts/build-all.sh.
• Whether adapter discovery order is reasonable for source, user install, system
  install, and staged target output.
• Whether each component owns its OpenClaw install/uninstall logic.
• Whether the script is suitable as a future curl-based OpenClaw integration
  entry.

[Forrest-ly]

LGTM